Follow

Subscribe to nixhacker - The Reverser's Space

Get the latest posts delivered right to your inbox

Great! Check your inbox and click the link to confirm your subscription

Please enter a valid email address!
Log in Sign up

Rootkits

A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. In this part we will analysis rootkits hiding and exploiting techniques.

8 Articles

Rootkits

Summary of linux kernel security protections and associated attacks

Linux

Summary of linux kernel security protections and associated attacks

Linux kernel goes through rapid changes frequently. Unlike other platforms, Linux security features are not advertised enough and are limited to mail threads. Since Linux is getting more popular, it's important to be aware about protections it provides against sophisticated attacks targeting kernel.

By Shubham Dubey 1 Jan 2023

Hooking or Monitoring System calls in linux using ftrace

Rootkits

Hooking or Monitoring System calls in linux using ftrace

In this post we will see how can you use ftrace to hook linux system calls. For learning purpose, we will create a kernel module that will make any target file immutable in system.

By Shubham Dubey 24 Sep 2021

Remote debugging windows kernel driver(without symbols) using windbg

Reverse engineering

Remote debugging windows kernel driver(without symbols) using windbg

In this post we are going to learn few tips and tricks to debug a Windows kernel driver without symbols in windbg.

By Shubham Dubey 2 Jul 2021

Firmware security 3: Digging into System management mode (SMM)

Firmware

Firmware security 3: Digging into System management mode (SMM)

In the third part of the series we are going to discuss System management mode (SMM) and it's security. Moreover, We will try to interact with the SMM from our linux system.

By Shubham Dubey 20 Mar 2021

Firmware security 1: Playing with PCI device memory

Firmware

Firmware security 1: Playing with PCI device memory

In this part of the series we will go through the basic of PCI devices and their memory. We will be developing linux kernel driver and using chipsec to analyze the data practically.

By Shubham Dubey 14 Nov 2020

What's at 1st sector/MBR of hard disk(MBR Forensics)

Reverse engineering

What's at 1st sector/MBR of hard disk(MBR Forensics)

MBR have lots of details about the hard disk or other storage disk which can be used for forensics purposes. In this article we will analyze the MBR's 512 bytes of data and try to interpret it.

By Shubham Dubey 22 Nov 2018

Analyse default BIOS protection of your system against LoJax: UEFI rootkit

Firmware

Analyse default BIOS protection of your system against LoJax: UEFI rootkit

LoJax is first rootkit in the wild that try to write a UEFI module into system's SPI Flash Memory. You can analyse your system's default BIOS/UEFI protection against such malware which we will discuss in this article.

By Shubham Dubey 28 Sep 2018

Understanding Windows DKOM(Direct Kernel Object Manipulation) techniques(Part 1-EPROCESS)

Rootkits

Understanding Windows DKOM(Direct Kernel Object Manipulation) techniques(Part 1-EPROCESS)

Windows uses different Objects structures for different purposes like io-management, process management etc. These structures are vulnerable to different attacks which we will going to discuss in this series.

By Shubham Dubey 13 Jun 2018